Comprehensive VLAN (Virtual Local Area Network) reference tool with IEEE 802.1Q standards, reserved VLAN IDs, naming conventions, and network segmentation best practices.

VLAN ID Lookup

Reserved VLAN IDs

Cisco Reserved VLANs

  • VLAN 1 - Default VLAN (cannot be deleted, avoid using for production)
  • VLAN 1002 - FDDI-default (Token Ring)
  • VLAN 1003 - Token-Ring-default
  • VLAN 1004 - FDDINET-default
  • VLAN 1005 - TRNET-default
  • VLANs 1006-4094 - Extended Range VLANs (require VTP transparent mode)

IEEE 802.1Q Reserved

  • VLAN 0 - Priority tagged frames (no VLAN)
  • VLAN 4095 - Reserved, implementation specific

VLAN Ranges

Range      | Type     | Description          | Use Case
1          | Default  | Native/Default VLAN  | Management (not recommended)
2-1001     | Normal   | Standard VLAN range  | General use, VTP supported
1002-1005  | Reserved | Legacy protocols     | Do not use
1006-4094  | Extended | Extended range VLANs | Large deployments, VTP transparent

Common VLAN Numbering Schemes

Lang: text
VLAN 10  - Management
VLAN 20  - Servers
VLAN 30  - Workstations/Users
VLAN 40  - Printers
VLAN 50  - VoIP/Phones
VLAN 60  - Guest/Public WiFi
VLAN 70  - Security/Cameras
VLAN 80  - IoT Devices
VLAN 99  - Native VLAN (unused)
VLAN 100 - DMZ

By Department

Lang: text
VLAN 100-109 - IT Department
VLAN 110-119 - Finance
VLAN 120-129 - HR
VLAN 130-139 - Sales
VLAN 140-149 - Engineering
VLAN 150-159 - Marketing

By Floor/Building

Lang: text
VLAN 201 - Building 1, Floor 1
VLAN 202 - Building 1, Floor 2
VLAN 211 - Building 2, Floor 1
VLAN 212 - Building 2, Floor 2

VLAN Naming Best Practices

Good Names:

  • Descriptive and consistent
  • Include purpose or location
  • Use standardized prefixes

Examples:

Lang: text
VLAN 10  - MGMT-Infrastructure
VLAN 20  - SRV-Production
VLAN 30  - WKS-General
VLAN 40  - PRT-Shared
VLAN 50  - VOIP-Phones
VLAN 60  - GUEST-WiFi
VLAN 70  - SEC-Cameras
VLAN 80  - IOT-Devices
VLAN 100 - DMZ-WebServers

Network Segmentation Guide

Small Office (< 50 users)

Lang: text
VLAN 10 (/27) - Management (30 IPs)
VLAN 20 (/25) - Users (126 IPs)
VLAN 30 (/28) - Servers (14 IPs)
VLAN 40 (/28) - Printers (14 IPs)
VLAN 50 (/26) - VoIP (62 IPs)
VLAN 60 (/27) - Guest WiFi (30 IPs)

Medium Office (50-250 users)

Lang: text
VLAN 10  (/27) - Management
VLAN 20  (/23) - Users (510 IPs)
VLAN 30  (/26) - Servers (62 IPs)
VLAN 40  (/27) - Printers (30 IPs)
VLAN 50  (/24) - VoIP (254 IPs)
VLAN 60  (/25) - Guest WiFi (126 IPs)
VLAN 70  (/27) - Security (30 IPs)
VLAN 80  (/26) - IoT (62 IPs)
VLAN 100 (/28) - DMZ (14 IPs)

Enterprise (250+ users)

Lang: text
Multiple /24 or larger subnets
Hierarchical VLAN numbering
Multiple sites with standardized ranges
Layer 3 routing between VLANs
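
The reserved IDs and prefix sizes above can be checked mechanically before a plan is deployed. The following Python sketch is an added example, not part of the original reference: `audit_plan`, `usable_hosts`, the 10.0.x.x addresses and the host counts are all constructed for illustration.

```python
import ipaddress

# Reserved IDs as listed on this page (Cisco defaults plus the 802.1Q values).
RESERVED = {0: "802.1Q priority tag, no VLAN", 1: "default VLAN", 4095: "802.1Q reserved"}
RESERVED.update({v: "Cisco legacy default" for v in range(1002, 1006)})


def usable_hosts(prefix_len):
    """IPv4 hosts in a subnet: 2^(32 - prefix) minus network and broadcast addresses."""
    return max(2 ** (32 - prefix_len) - 2, 0)


def audit_plan(plan):
    """plan: list of (vlan_id, name, cidr, hosts_needed). Returns finding strings."""
    findings, seen = [], []
    for vlan_id, name, cidr, needed in plan:
        label = f"VLAN {vlan_id} ({name})"
        if not 0 <= vlan_id <= 4095:
            findings.append(f"{label}: ID does not fit the 12-bit VLAN field")
        elif vlan_id in RESERVED:
            findings.append(f"{label}: reserved ID, {RESERVED[vlan_id]}")
        if any(vlan_id == other_id for other_id, _ in seen):
            findings.append(f"{label}: ID is already assigned")
        net = ipaddress.ip_network(cidr)  # raises ValueError if host bits are set
        capacity = usable_hosts(net.prefixlen)
        if capacity < needed:
            findings.append(f"{label}: /{net.prefixlen} holds {capacity} hosts, {needed} needed")
        for other_id, other_net in seen:
            if net.overlaps(other_net):
                findings.append(f"{label}: {net} overlaps VLAN {other_id} ({other_net})")
        seen.append((vlan_id, net))
    return findings


# Constructed plan: the small-office prefix sizes from this page on made-up 10.0.x.x
# addresses, with three deliberate mistakes (undersized /28, VLAN 1 in use, an overlap).
SAMPLE_PLAN = [
    (10, "MGMT-Infrastructure", "10.0.10.0/27", 20),
    (20, "WKS-General", "10.0.20.0/25", 45),
    (30, "SRV-Production", "10.0.30.0/28", 20),
    (1, "PRT-Shared", "10.0.40.0/28", 6),
    (60, "GUEST-WiFi", "10.0.20.64/27", 25),
]

if __name__ == "__main__":
    for finding in audit_plan(SAMPLE_PLAN):
        print(finding)
```
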

Security Best Practices

Native VLAN

  • Never use VLAN 1 as native VLAN
  • Use an unused VLAN (e.g., VLAN 99) as native
  • Ensure native VLAN is not used for any hosts
  • Prevents VLAN hopping attacks

Access Control

  • Implement Private VLANs (PVLAN) where needed
  • Use VLAN Access Control Lists (VACLs)
  • Apply Port Security on access ports
  • Enable DHCP snooping per VLAN
  • Configure Dynamic ARP Inspection (DAI)

Segmentation

  • Separate management traffic (VLAN 10)
  • Isolate guest networks from internal
  • Segment IoT devices from production
  • DMZ for public services (separate VLAN)
  • VoIP on dedicated VLAN for QoS

Inter-VLAN Routing

Router-on-a-Stick

Lang: text
Single physical connection
Multiple sub-interfaces (one per VLAN)
Good for small networks
Limited by single link bandwidth

Layer 3 Switch (SVI)

Lang: text
Switch Virtual Interfaces
Native routing between VLANs
Best performance
Recommended for most deployments

Separate Router

Lang: text
Physical interface per VLAN
Maximum separation
Expensive, requires many ports
Legacy approach

Common Use Cases

Office Network Segmentation

  • Separate users, servers, printers, phones
  • Guest WiFi isolation
  • Management network security
  • QoS for voice traffic

Data Center

  • Web tier (DMZ)
  • Application tier
  • Database tier
  • Storage network
  • Management/backup network

Campus Network

  • Per-building or per-floor VLANs
  • Centralized services VLAN
  • Wireless controller VLAN
  • Security camera VLAN

Manufacturing/Industrial

  • Office network
  • Production floor
  • SCADA/ICS systems (isolated)
  • Guest/vendor access
  • Security/surveillance

VLAN Trunking (802.1Q)

Trunk Port Configuration

Lang: text
Carries multiple VLANs
Tags frames with VLAN ID (except native)
4-byte 802.1Q tag inserted
Switch-to-switch or switch-to-router
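
To make the 4-byte tag concrete, the Python sketch below decodes the TPID and TCI fields from raw Ethernet frames and labels each frame using the reserved IDs listed on this page. It is an added example, not part of the original reference; the function names and sample frames are constructed, and only TPID 0x8100 is recognised.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that identifies an 802.1Q tag


def parse_vlan_tags(frame):
    """Decode 802.1Q tags that follow the destination and source MAC addresses.

    Returns (tags, ethertype). Each tag is a dict of the TCI fields: pcp
    (priority 0-7), dei, and vid (12-bit VLAN ID); the outermost tag comes first.
    """
    offset, tags = 12, []  # skip two 6-byte MAC addresses
    while True:
        if len(frame) < offset + 2:
            raise ValueError("frame ends before the EtherType field")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype != TPID_8021Q:
            return tags, ethertype
        if len(frame) < offset + 4:
            raise ValueError("frame ends inside an 802.1Q tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append({"pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        offset += 4  # one tag = 2-byte TPID + 2-byte TCI


def classify(tags):
    """Label a frame by its tags, using the reserved IDs listed on this page."""
    if not tags:
        return "untagged"
    if len(tags) > 1:
        return "more than one tag"
    vid = tags[0]["vid"]
    if vid == 0:
        return "priority-tagged, no VLAN"
    if vid == 4095:
        return "reserved VLAN ID"
    return f"VLAN {vid}"


# Constructed frames: zeroed MAC addresses, then tag(s), then EtherType 0x0800 (IPv4).
MACS = bytes(12)
SAMPLE_FRAMES = {
    "voice": MACS + bytes.fromhex("8100a032" "0800"),  # PCP 5, VLAN 50
    "native": MACS + bytes.fromhex("0800"),  # no tag
    "priority": MACS + bytes.fromhex("8100e000" "0800"),  # PCP 7, VID 0
    "stacked": MACS + bytes.fromhex("81000063" "8100000a" "0800"),  # VLAN 99, then 10
}
```

A frame labelled "more than one tag" is worth flagging when it is captured on a port that should only ever see untagged or single-tagged traffic.
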

Allowed VLANs

  • Specify allowed VLANs on trunks
  • Reduces broadcast domain
  • Improves security
  • Example: switchport trunk allowed vlan 10,20,30
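
The native VLAN and allowed-VLAN recommendations can be audited from a saved configuration. The Python sketch below is an added example, not part of the original reference: it scans constructed Cisco IOS style text for trunks that keep the default native VLAN 1, use a native VLAN that also has access ports, or have no allowed VLAN list. The function names and the sample configuration are assumptions for illustration.

```python
# Constructed sample in Cisco IOS running-config style (not from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
interface GigabitEthernet0/2
 switchport mode trunk
 switchport trunk native vlan 99
 switchport trunk allowed vlan 10,20,30
interface GigabitEthernet0/3
 switchport mode trunk
 switchport trunk native vlan 40
 switchport trunk allowed vlan 10,20,30
interface GigabitEthernet0/10
 switchport access vlan 40
"""


def parse_interfaces(config):
    """Map each interface name to its list of 'switchport ...' lines."""
    interfaces, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], [])
        elif current is not None and line.startswith("switchport "):
            current.append(line)
    return interfaces


def vlan_args(lines, prefix):
    """Numeric VLAN IDs given on the lines that start with prefix."""
    rest = (line[len(prefix):] for line in lines if line.startswith(prefix))
    return [int(arg) for arg in rest if arg.isdigit()]


def audit_trunks(config):
    """Return (interface, finding) pairs for trunks that miss the practices above."""
    interfaces, findings = parse_interfaces(config), []
    host_vlans = {vid for lines in interfaces.values()
                  for vid in vlan_args(lines, "switchport access vlan ")}
    trunks = {n: ls for n, ls in interfaces.items() if "switchport mode trunk" in ls}
    for name, lines in trunks.items():
        native = (vlan_args(lines, "switchport trunk native vlan ") or [1])[-1]  # default: 1
        if native == 1:
            findings.append((name, "native VLAN is 1"))
        elif native in host_vlans:
            findings.append((name, f"native VLAN {native} also has access ports"))
        if not any(line.startswith("switchport trunk allowed vlan ") for line in lines):
            findings.append((name, "no allowed VLAN list"))
    return findings
```
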

Troubleshooting VLANs

Common Issues

  1. Wrong VLAN assignment - Check port configuration
  2. Native VLAN mismatch - Verify both ends of trunk
  3. VLAN not allowed on trunk - Check allowed VLAN list
  4. VTP domain issues - Verify VTP settings
  5. Missing default gateway - Check inter-VLAN routing

Verification Commands (Cisco)

Lang: bash
show vlan brief
show interfaces trunk
show interfaces switchport
show vtp status
show ip route
show spanning-tree vlan [id]

Documentation Template

Lang: text
VLAN ID: ___
Name: ___________
Description: ___________
Subnet: ___.___.___.___/___
Gateway: ___.___.___.___
DHCP Range: ___.___.___.___  to  ___.___.___.___
Reserved IPs: ___________
Purpose: ___________
Security: ___________

Planning Checklist

  • Determine number of VLANs needed
  • Choose VLAN numbering scheme
  • Assign subnet ranges for each VLAN
  • Plan IP address allocations
  • Configure native VLAN (not VLAN 1)
  • Design inter-VLAN routing
  • Implement security policies
  • Configure QoS if needed
  • Document all VLANs
  • Test connectivity between VLANs

Quick Reference

Maximum VLANs: 4094 (1-4094, excluding reserved)

802.1Q Tag: 4 bytes (TPID + TCI)

VLAN Priority: 0-7 (CoS/QoS)

Native VLAN: Untagged traffic on trunk

Voice VLAN: Special VLAN for IP phones

Private VLAN: Isolated, community, promiscuous ports